package com.zz.config;


import java.util.LinkedHashMap;

import org.apache.shiro.codec.Base64;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.spring.LifecycleBeanPostProcessor;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.CookieRememberMeManager;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
@Configuration
public class ShiroConfig2 {
	@Bean
	public ShiroFilterFactoryBean shiroFilterFactoryBean(SecurityManager securityManager) {
		ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
		// 设置securityManager
		shiroFilterFactoryBean.setSecurityManager(securityManager);
		//登录的url
		shiroFilterFactoryBean.setLoginUrl("/hk_warelogin.html");
		//登录成功后跳转的url
		shiroFilterFactoryBean.setSuccessUrl("/hk_warekc1.html");
		//未授权url
		shiroFilterFactoryBean.setUnauthorizedUrl("/403");
		
		LinkedHashMap<String, String> filterChainDefinitionMap = new LinkedHashMap<>();
		 /** authc：该过滤器下的页面必须验证后才能访问，它是Shiro内置的一个拦截器
	        * org.apache.shiro.web.filter.authc.FormAuthenticationFilter*
	      // anon：它对应的过滤器里面是空的,什么都没做,可以理解为不拦截
	      //authc:所有url都必须认证通过才可以访问; anon:所有url都都可以匿名访问 */

		//定义filterChain,静态资源不拦截
		filterChainDefinitionMap.put("/css/**", "anon");
		filterChainDefinitionMap.put("/js/**", "anon");
		filterChainDefinitionMap.put("/fonts/**", "anon");
		filterChainDefinitionMap.put("/img/**", "anon");//"anon"表示不会拦截
		filterChainDefinitionMap.put("/Demo3motal/**", "anon");//"anon"表示不会拦截
		//druid数据源监控页面不拦截
		filterChainDefinitionMap.put("/druid/**", "anon");
		
		filterChainDefinitionMap.put("/ware/**", "anon");
		filterChainDefinitionMap.put("/hk_warelogin.html", "anon");
		filterChainDefinitionMap.put("/hk_wareregister.html", "anon");
		filterChainDefinitionMap.put("/manager/register", "anon");
		filterChainDefinitionMap.put("/manager/login", "anon");
		filterChainDefinitionMap.put("/manager/checkname", "anon");
		//配置退出过滤器，其中具体的退出代码Shiro已经替我们实现了
		filterChainDefinitionMap.put("/logout", "logout");
		filterChainDefinitionMap.put("/", "anon");
		//配置记住我过滤器或认证通过可以访问的地址(当上次登录时，记住我以后，在下次访问/或/index时，可以直接访问，不需要登陆)
		// 除上以外所有url都必须认证通过才可以访问，未通过认证自动访问LoginUrl
		//filterChainDefinitionMap.put("/hk_warekc1.html", "user");
		filterChainDefinitionMap.put("/manager/ware", "user");
		filterChainDefinitionMap.put("/**", "user");
		
		shiroFilterFactoryBean.setFilterChainDefinitionMap(filterChainDefinitionMap);
		
		return shiroFilterFactoryBean;
	}
 
	/**
	  * cookie对象;
	  * rememberMeCookie()方法是设置Cookie的生成模版，比如cookie的name，cookie的有效时间等等。
	  * @return
	 */
	@Bean
	public SimpleCookie rememberMeCookie(){
	      System.out.println("ShiroConfiguration.rememberMeCookie()");
	      //这个参数是cookie的名称，对应前端的checkbox的name = rememberMe
	      SimpleCookie simpleCookie = new SimpleCookie("rememberMe");
	      //<!-- 记住我cookie生效时间30天 ,单位秒;-->
	      simpleCookie.setMaxAge(259200);
	      return simpleCookie;
	}
	/**
	  * cookie管理对象;
	  * rememberMeManager()方法是生成rememberMe管理器，而且要将这个rememberMe管理器设置到securityManager中
	  * @return
	 * @throws NoSuchAlgorithmException 
	 */
	@Bean
	public CookieRememberMeManager rememberMeManager(){
	      //System.out.println("ShiroConfiguration.rememberMeManager()");
	      CookieRememberMeManager cookieRememberMeManager = new CookieRememberMeManager();
	      cookieRememberMeManager.setCookie(rememberMeCookie());
	      //rememberMe cookie加密的密钥 建议每个项目都不一样 默认AES算法 密钥长度(128 256 512 位)
	      //通过以下代码可以获取
//	      KeyGenerator keygen = KeyGenerator.getInstance("AES");
//	      SecretKey deskey = keygen.generateKey();
//	      System.out.println(Base64.encodeToString(deskey.getEncoded()));
	      cookieRememberMeManager.setCipherKey(Base64.decode("3AvVhmFLUs0KTA3Kprsdag=="));
	      return cookieRememberMeManager;
	}

	@Bean  
    public SecurityManager securityManager(){  
		// 配置SecurityManager，并注入shiroRealm
       DefaultWebSecurityManager securityManager =  new DefaultWebSecurityManager();
       securityManager.setRealm(shiroRealm());//设置Realm，用于获取认证凭证
       securityManager.setRememberMeManager(rememberMeManager());//注入Cookie(记住我)管理器(remenberMeManager)
       return securityManager;  
    }  
	@Bean(name = "lifecycleBeanPostProcessor")
    public LifecycleBeanPostProcessor lifecycleBeanPostProcessor() {
		 // Shiro生命周期处理器
		return new LifecycleBeanPostProcessor();
    }
	@Bean  
    public ShiroRealm shiroRealm(){  
	// 配置Realm，需自己实现
       ShiroRealm shiroRealm = new ShiroRealm();  
       return shiroRealm;  
    }  
	

	
}
